On 26.01.2011 00:02, Honza Bambas wrote:
Ben, proxy info (the last argument) could make a trick for you. Fill
proxy info with host:port of the server (as it actually stands as a
proxy between the two clients). Let host name passed to
createTransport() be the name of the [cert].
Thanks for t
On 01/23/2011 05:56 PM, Ben Bucksch wrote:
I am trying to implement XMPP, in chrome-JS.
XMPP resolves the server hostname using DNS SRV lookups, so if I want to
get the server for "foo.com", I may end up with e.g. "abcdxmpp.foo.com"
as hostname. The user opened the connection to "foo.com", thoug
Ben, proxy info (the last argument) could make a trick for you. Fill
proxy info with host:port of the server (as it actually stands as a
proxy between the two clients). Let host name passed to
createTransport() be the name of the client. This will make the
underlying TCP socket connect to th
On 01/24/2011 01:05 PM, Ben Bucksch wrote:
No, actually, that would be a security bug. XMPP (better known as
"Jabber", "Google Talk" etc.) uses DNS SRV lookups to find the hostname
of a server. For the user, the connection just goes to "foo.com". We
make a DNS SRV lookup of _xmpp-client._tcp.foo
Just to be clear, to avoid confusion: this was a pure programming
question, not a server admin or PKI setup question. I write a client for
an existing standard protocol, and it's supposed to work with the
existing servers, over which I have no control.
Ben
--
dev-tech-crypto mailing list
dev-t
On 24.01.2011 19:36, Marsh Ray wrote:
The correct solution would be to fix the certificate on the server.
No, actually, that would be a security bug. XMPP (better known as
"Jabber", "Google Talk" etc.) uses DNS SRV lookups to find the hostname
of a server. For the user, the connection just go
On 01/24/2011 12:12 PM, Ben Bucksch wrote:
I filed bug 628312 about the original problem that we don't have an API to
set the expected host, and have a prototype fix, but can't get it to work.
Can somebody help, please? This is a blocker for me right now, I can't
deploy XMPP without STARTTLS.
The
I filed bug 628312 about the original problem that we don't have an API to
set the expected host, and have a prototype fix, but can't get it to work.
In the meantime, I need the workaround. After sinking a full day of
highly concentrated work into it, I am still stuck on this:
On 24.01.2011 16:0
On 24.01.2011 15:10, Ben Bucksch wrote:
In my nsIBadCertListener2::notifyCertProblem(), I try to
getInterface(nsITransportSecurityInfo) from socketInfo, because
nsNSSIOLayer.cpp::nsNSSBadCerthandler() lines 3348 and 3577 suggest
that it should be a nsNSSSocketInfo object, which implements
nsIT
On 24.01.2011 12:38, Ben Bucksch wrote:
Worst comes to worst, I can always override the cert error, and do the
check myself, but that's going to get quite ugly.
I have to say the PSM IDL interfaces are coming right out of the black
hole. I implement nsIBadCertListener2 and nsISSLErrorListener.
On 24.01.2011 06:54, Kaspar Brand wrote:
You're looking for SSL_SetURL
(http://mxr.mozilla.org/mozilla/ident?i=SSL_SetURL)
Thanks!
but note that this
is currently not exposed to JS land... maybe something to add to PSM's
nsNSSSocketInfo?
Meh! It's an extension to be deployed to customers in
On 24.01.2011 01:56, Ben Bucksch wrote:
> I am trying to implement XMPP, in chrome-JS.
[...]
> From what I understand, the app should be able to tell the security lib
> which hostname to check against, because we're supposed to check against
> what the user entered originally, not necessarily wh
I am trying to implement XMPP, in chrome-JS.
XMPP resolves the server hostname using DNS SRV lookups, so if I want to
get the server for "foo.com", I may end up with e.g. "abcdxmpp.foo.com"
as hostname. The user opened the connection to "foo.com", though, and
the SSL certificate is for "foo.co